CVE-2024-1509
Title (es)
CVE-2024-1509
Fri, 28/02/2025 – 22:15
Type
CWE-523
Severity 2.0 (text)
Pending analysis
Title (en)
CVE-2024-1509
Description (en)
Brocade ASCG before 3.2.0 Web Interface is not
enforcing HSTS, as defined by RFC 6797. HSTS is an optional response
header that can be configured on the server to instruct the browser to
only communicate via HTTPS. The lack of HSTS allows downgrade attacks,
SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking
protections.
28/02/2025
28/02/2025
CVSS 4.0 vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity 4.0
7.60
Severity 4.0 (text)
HIGH
Severity 3.1 (text), Severity 3.1 (CVSS 3.1 Base Score)
Pending analysis
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25428